MI5 says cyber crimes against governments and big businesses are on the rise and that UK businesses are losing millions as a direct result.
MI5 Director Jonathan Evans
Jonathan Evans, the director general of the security service, said that the organisation is fighting an "astonishing" level of cyber-attacks against the UK industry. Evan’s warning speech comes in the wake of Italian, German and Dutch banks being targeted in a €60m euro cyber bank heist.
Evans warned that internet vulnerabilities are being taken advantage of by criminals as well as states. He also revealed MI5 is investigating cyber attacks in over a dozen companies and that one major London business has suffered £800 million in losses following an attack which terrorist could exploit in the near future.
"The extent of what is going on is astonishing – with industrial-scale processes involving many thousands of people lying behind both State sponsored cyber espionage and organised cyber crime," said Evans during his speech on Monday night.
Evans speech comes after a report from Cambridge University that claims cyber crime is currently costing Britain £11 billion.
"What is at stake is not just our government secrets but also the safety and security of our infrastructure, the intellectual property that underpins our future prosperity and the commercially sensitive information that is the lifeblood of our companies and corporations," said Evans.
The internet’s development has made it easier for cyber criminal acts to happen.
The internet has developed from a communication network to what is called the "internet of things" – connecting via the internet the buildings we work in, the cars we drive, our traffic management systems, Bank ATMs, our industrial control systems and much more," said Evans.
Evans says that terrorist groups are likely to be able use cyber vulnerabilities to attack targets in the future.
"So far, established terrorist groups have not posed a significant threat in this medium, but they are aware of the potential to use cyber vulnerabilities to attack critical infrastructure and I would expect them to gain more capability to do so in future," he said.
Ross Brewer, international markets managing director and vice president of LogRhythm says that the threat of cyber terrorism is a clear signal that governments must boost security and address all vulnerabilities.
"The threat of terrorism is shifting from physical acts of violence to a more subtle, silent war that is fought from behind a computer screen," says Brewer. "Cyber warfare is no longer a product of a Minority Report-esque era – and it seems that MI5 is now placing the issue directly under the microscope. Considering the discovery of the Flame malware, Google’s warning to vulnerable users about state-sponsored attacks, and recent headlines around the ACAD/Medre virus, it is becoming clear that Governments and businesses must take urgent action to boost security and ensure that any vulnerabilities are addressed."
Jonathan Evans’ speech along with financial losses at banks across Europe shows that cyber espionage is becoming more prevalent that some realise.
Paul Davis, director of Europe at FireEye, warns that as attacks continue to become more advanced and complex, it’s likely these activities will become more noticeable by the public as cybercrimes begin to target infrastructures and systems that have a greater impact on the general public.
"Cyber attacks have become a new form of ‘cold conflict’, where nation states are able to affect each other through indirect means," says Davis. "This evolved threat landscape now means that any organisation, government or nation must urgently up the ante on pre-emptive security before it is too late."
"Over-reliance on traditional signature-based perimeter defences and heuristics means that too many are still lulled into a false sense of security – while woefully exposed to zero day, unknown attacks. Instead, more must be done to ensure continuous monitoring of all network activity so that attacks can be thwarted at an early enough stage to prevent any widespread damage. While this announcement from MI5 seems to point to the fact that we are waking up to the modern threat landscape, it is painfully clear that much more must be done to bring security procedures in line with the current threat level."
Davis says that it is important that big businesses and governments prepare themselves for future attacks.
"Just as internet shoppers have credit card details that low-level hackers find alluring, businesses and governments have vast amounts of Intellectual Property and sensitive information that today’s cybercriminals are targeting through advanced attacks. It is important that this shift in focus does not catch us off guard."
Please follow this author on Twitter @Tineka_S or comment below.